SHA256: e7ac03d64055c57014dcf17d250aff4e3ce45f012cc88a3e19695377a88ed855
File name: Podox
Detection ratio: 37 / 51
Analysis date: 2014-04-08 01:34:26 UTC
Antivirus   Result   Signature update (YYYYMMDD)
Ad-Aware Trojan.Generic.KDV.870846 20140408
Yandex TrojanSpy.Zbot!etXBrgQMJAo 20140407
AhnLab-V3 Spyware/Win32.Zbot 20140407
AntiVir TR/Agent.196608.210 20140408
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140407
Avast Win32:Kryptik-LSA [Cryp] 20140407
AVG SHeur4.BBLU 20140407
Baidu-International Trojan.Win32.Generic.AvhF 20140407
BitDefender Trojan.Generic.KDV.870846 20140408
CAT-QuickHeal TrojanPWS.Zbot.Gen 20140407
Comodo UnclassifiedMalware 20140408
DrWeb Trojan.PWS.Panda.2401 20140408
Emsisoft Trojan.Generic.KDV.870846 (B) 20140408
ESET-NOD32 a variant of Win32/Kryptik.AVEE 20140408
F-Secure Trojan.Generic.KDV.870846 20140407
GData Trojan.Generic.KDV.870846 20140408
Jiangmin TrojanSpy.Zbot.dpvy 20140407
K7AntiVirus Riskware ( 0040eff71 ) 20140407
K7GW Riskware ( 0040eff71 ) 20140407
Kaspersky HEUR:Trojan.Win32.Generic 20140408
Kingsoft Win32.Troj.Zbot.jc.(kcloud) 20140408
Malwarebytes Trojan.Agent.ED 20140408
McAfee PWS-Zbot-FANL!486575C7BDB3 20140408
McAfee-GW-Edition Heuristic.BehavesLike.Win32.ModifiedUPX.C 20140408
Microsoft PWS:Win32/Zbot.gen!AJ 20140408
eScan Trojan.Generic.KDV.870846 20140408
Norman Troj_Generic.HUTXV 20140407
nProtect Trojan-Spy/W32.ZBot.196608.CY 20140408
Panda Trj/Dtcontx.B 20140407
Qihoo-360 HEUR/Malware.QVM18.Gen 20140408
Sophos AV Troj/Zbot-EGP 20140408
Symantec Trojan.Zbot 20140408
TheHacker Trojan/Kryptik.avee 20140407
TrendMicro TROJ_GEN.R0CBC0CCM14 20140408
TrendMicro-HouseCall TROJ_GEN.R0CBC0CCM14 20140408
VBA32 BScope.Trojan.MTA.0661 20140407
VIPRE LooksLike.Win32.Zbot.a (v) 20140407
AegisLab (no detection) 20140408
Bkav (no detection) 20140407
ByteHero (no detection) 20140408
ClamAV (no detection) 20140408
CMC (no detection) 20140407
Commtouch (no detection) 20140408
F-Prot (no detection) 20140408
Fortinet (no detection) 20140407
Ikarus (no detection) 20140408
NANO-Antivirus (no detection) 20140408
Rising (no detection) 20140406
SUPERAntiSpyware (no detection) 20140408
TotalDefense (no detection) 20140407
ViRobot (no detection) 20140407
Of the 37 detections, about a third name the Zbot (Zeus) banking-trojan family outright (Dr.Web's Trojan.PWS.Panda is its name for the same family); the Kryptik, ModifiedUPX and Generic.KDV results key on the packer or a generic heuristic rather than the family. The verdict worth recording is the family agreement across independent engines together with the UPX packer identification below, not any single engine's label.
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: © 2000 Unenil Olikixy. Fajiryx Ucufew Oleny.
Publisher: Du+
Internal name: Podox
File version: 6, 9, 9
Description: Gyn Ovo Ypymuco
The copyright year (2000) is eleven years earlier than the compile timestamp below (2011-02-03), and none of these strings is a recognisable vendor or product name, so the version resource is not usable as provenance.
Packers identified
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-02-03 06:22:07
Entry Point 0x0015F640 (an RVA larger than the 196608-byte file itself, which fits the UPX layout identified above: the decompression stub sits after a large virtual-only section)
Number of sections 3
PE sections
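The report does not reproduce the section table, but the header fields it does show (three sections, entry point 0x0015F640, CodeSize 196608, UninitializedDataSize 1245184, a 196608-byte file) already describe the UPX layout that PEiD names: a large zero-raw-size section that the stub decompresses into, followed by the compressed image with the stub at its tail. The following is an added example, not VirusTotal's code and not the sample itself: it constructs a header-only PE32 image with that layout in memory (section names, sizes and characteristics are assumptions), a second one with an ordinary compiler layout for contrast, parses both section tables, and applies the checks an analyst would use to decide that the file must be unpacked before static analysis.

```python
"""Packer triage from PE header fields. Added example (not VirusTotal's code, not the
sample): two constructed header-only PE32 images, one laid out like the report above,
one with a plain compiler layout; section names/sizes/flags are assumptions."""
import struct
from datetime import datetime, timezone

SCN_EXECUTE, SCN_WRITE = 0x20000000, 0x80000000
PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".upx", ".aspack", ".adata", ".petite", "MPRESS1"}

# (Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics)
# Assumed UPX layout matching the report's totals: UPX0 is the RWX zero-raw-size region
# the stub decompresses into, UPX1 holds the compressed image with the decompressor at
# its tail, and the raw sizes sum to the 0x30000-byte file.
PACKED_LAYOUT = [
    (b"UPX0", 0x130000, 0x001000, 0x00000, 0x00400, 0xE0000080),
    (b"UPX1", 0x030000, 0x131000, 0x2EC00, 0x00400, 0xE0000040),
    (b".rsrc", 0x001000, 0x161000, 0x01000, 0x2F000, 0xC0000040),
]
PLAIN_LAYOUT = [  # what a linker normally emits: code first, entry point near its start
    (b".text", 0x02E000, 0x001000, 0x2E000, 0x00400, 0x60000020),
    (b".data", 0x001000, 0x02F000, 0x01000, 0x2E400, 0xC0000040),
    (b".rsrc", 0x001000, 0x030000, 0x00C00, 0x2F400, 0x40000040),
]

def build_pe(sections, entry_point, size_of_code, size_of_uninit, file_size, timestamp):
    """Constructed PE32: real DOS/COFF/optional/section headers, zero-filled bodies."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, 224, 0x010F)
    opt = struct.pack("<HBBIIIIII", 0x10B, 9, 0, size_of_code, 0x1000, size_of_uninit,
                      entry_point, sections[0][2], sections[1][2])
    opt += struct.pack("<III", 0x400000, 0x1000, 0x200)  # ImageBase, SectionAlign, FileAlign
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, ch)
                     for n, vs, va, rs, rp, ch in sections)
    return (dos + b"PE\0\0" + coff + opt.ljust(224, b"\0") + table).ljust(file_size, b"\0")

def parse_pe(data):
    """Read the header fields the report shows plus the section table."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = e_lfanew + 4
    _machine, nsec, timestamp = struct.unpack_from("<HHI", data, coff)
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic, _, _, size_of_code, _, size_of_uninit, ep = struct.unpack_from("<HBBIIII", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 is handled here")
    sections = []
    for i in range(nsec):
        f = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": f[0].rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": f[1], "vaddr": f[2], "rsize": f[3], "chars": f[9]})
    compiled = datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    return {"timestamp": timestamp, "compiled": compiled, "size_of_code": size_of_code,
            "size_of_uninit": size_of_uninit, "entry_point": ep, "file_size": len(data),
            "sections": sections}

def section_for_rva(sections, rva):
    for s in sections:
        if s["vaddr"] <= rva < s["vaddr"] + max(s["vsize"], s["rsize"]):
            return s
    return None

def packer_indicators(pe):
    """Heuristics only: each hit is a reason to unpack before static analysis, not proof."""
    hits, secs, ep = [], pe["sections"], pe["entry_point"]
    ep_sec = section_for_rva(secs, ep)
    if ep_sec is None:
        hits.append(f"entry point {ep:#x} lies outside every section")
    else:
        if ep_sec is not secs[0]:
            hits.append(f"entry point in {ep_sec['name']}, not the first section")
        if ep_sec["rsize"] and ep - ep_sec["vaddr"] > 0.9 * ep_sec["rsize"]:
            hits.append(f"entry point in the last 10% of {ep_sec['name']} "
                        "(UPX puts its decompressor after the compressed blob)")
    rwx = SCN_EXECUTE | SCN_WRITE
    for s in secs:
        if s["name"] in PACKER_SECTION_NAMES:
            hits.append(f"packer section name {s['name']}")
        if s["rsize"] == 0 and s["vsize"] >= 0x10000 and s["chars"] & rwx == rwx:
            hits.append(f"{s['name']}: no raw data, {s['vsize']:#x} bytes virtual, "
                        "writable+executable (unpacking destination)")
    # Crude but telling: an EP RVA past the end of the file means a large virtual-only
    # region precedes the code that runs first.
    if ep >= pe["file_size"]:
        hits.append(f"entry point RVA {ep:#x} exceeds file size {pe['file_size']:#x}")
    if pe["size_of_uninit"] > 4 * pe["size_of_code"]:
        hits.append("SizeOfUninitializedData dwarfs SizeOfCode")
    return hits

SAMPLE_PACKED = build_pe(PACKED_LAYOUT, 0x15F640, 0x30000, 0x130000, 196608, 1296714127)
SAMPLE_PLAIN = build_pe(PLAIN_LAYOUT, 0x1200, 0x2E000, 0, 196608, 1296714127)

if __name__ == "__main__":
    for label, blob in (("report-like", SAMPLE_PACKED), ("plain", SAMPLE_PLAIN)):
        pe = parse_pe(blob)
        print(f"{label}: compiled {pe['compiled']} UTC, entry point {pe['entry_point']:#x}")
        for hit in packer_indicators(pe) or ["no packer indicators"]:
            print("  -", hit)
```

On the report-like image every check fires; on the plain layout none does. The timestamp 1296714127 is 2011-02-03 06:22:07 UTC, the compile time shown above, and the entry point falls inside the second section far past the 196608-byte file, which is exactly what the header fields on this page say. The same parser run on the real file would also expose the section names that this page omits.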
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
DrawInsert
CryptUIDlgCertMgr
ImmReleaseContext
WNetSetLastErrorW
AlphaBlend
PdhVbUpdateLog
WinHelpA
VDMDetectWOW
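The imports above are what UPX leaves in the import table: the kernel32 functions its decompression stub needs (LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess) plus a single function from each other DLL, kept so the loader still maps those DLLs before the stub restores the real import table in memory. The imphash in the file-identification block below therefore fingerprints the packer stub rather than the Zbot payload and will cluster this sample with unrelated UPX-packed files. The following added example (not VirusTotal's code) computes an imphash the way pefile does for named imports and tests whether an import list matches the UPX-stub pattern. The report lists only function names, so the DLL each one is assigned to and the order of the import descriptors are assumptions, and the hash produced will not equal the d52af4f5e3a75216d67cee9a52900110 shown on the page.

```python
"""Import hash (imphash) triage for a UPX-packed sample. Added example, not VirusTotal's
code; it reimplements the named-import part of the pefile algorithm and will not reproduce
the page's imphash because the DLL names and descriptor order below are assumptions."""
import hashlib

# Constructed from the function names in the report; the DLL each comes from is assumed.
SAMPLE_IMPORTS = [
    ("KERNEL32.DLL", "VirtualFree"), ("KERNEL32.DLL", "ExitProcess"),
    ("KERNEL32.DLL", "VirtualProtect"), ("KERNEL32.DLL", "LoadLibraryA"),
    ("KERNEL32.DLL", "VirtualAlloc"), ("KERNEL32.DLL", "GetProcAddress"),
    ("COMCTL32.DLL", "DrawInsert"), ("CRYPTUI.DLL", "CryptUIDlgCertMgr"),
    ("IMM32.DLL", "ImmReleaseContext"), ("MPR.DLL", "WNetSetLastErrorW"),
    ("MSIMG32.DLL", "AlphaBlend"), ("PDH.DLL", "PdhVbUpdateLog"),
    ("USER32.DLL", "WinHelpA"), ("VDMDBG.DLL", "VDMDetectWOW"),
]
# Constructed import table of an ordinary, unpacked program for contrast.
NORMAL_IMPORTS = [
    ("KERNEL32.dll", "CreateFileW"), ("KERNEL32.dll", "ReadFile"),
    ("KERNEL32.dll", "CloseHandle"), ("USER32.dll", "MessageBoxW"),
    ("USER32.dll", "GetDesktopWindow"),
]

# What the UPX decompression stub itself needs from kernel32 (the first three always,
# the rest depending on version); everything else is resolved by the stub at run time.
UPX_STUB_REQUIRED = {"loadlibrarya", "getprocaddress", "virtualprotect"}
UPX_STUB_OPTIONAL = {"virtualalloc", "virtualfree", "exitprocess"}


def normalize_dll(dll):
    """pefile convention: lower-case, drop a .dll/.ocx/.sys extension."""
    dll = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if dll.endswith(ext):
            return dll[:-len(ext)]
    return dll


def imphash(imports):
    """MD5 of 'dll.function' pairs, lower-cased, joined by commas, in import-table order.
    Ordinal-only imports (pefile resolves those through a name table) are not handled."""
    joined = ",".join(f"{normalize_dll(dll)}.{func.lower()}" for dll, func in imports)
    return hashlib.md5(joined.encode("ascii")).hexdigest()


def imports_by_dll(imports):
    grouped = {}
    for dll, func in imports:
        grouped.setdefault(normalize_dll(dll), set()).add(func.lower())
    return grouped


def looks_like_upx_stub(imports):
    """True when the table is the minimal one UPX leaves behind: kernel32 with the stub's
    loader functions only, and exactly one function per other DLL (kept so the loader
    still maps those DLLs; the stub rebuilds the real imports in memory)."""
    grouped = imports_by_dll(imports)
    k32 = grouped.get("kernel32", set())
    if not UPX_STUB_REQUIRED <= k32 <= UPX_STUB_REQUIRED | UPX_STUB_OPTIONAL:
        return False
    return all(len(funcs) == 1 for dll, funcs in grouped.items() if dll != "kernel32")


def triage(imports):
    """What to record: the hash, and whether it fingerprints a packer rather than the payload."""
    stub = looks_like_upx_stub(imports)
    return {"imphash": imphash(imports), "upx_stub": stub,
            "note": "imphash identifies the UPX stub; unpack (upx -d) and rehash" if stub
                    else "imphash reflects the program's own import table"}


if __name__ == "__main__":
    for label, imports in (("report-like", SAMPLE_IMPORTS), ("unpacked program", NORMAL_IMPORTS)):
        print(label, triage(imports))
```

The practical rule this encodes: when `looks_like_upx_stub` is true, do not pivot on the imphash in a threat-intelligence platform; unpack first (`upx -d` works for an unmodified UPX layer, otherwise dump the image after the stub's tail jump) and hash the restored import table, which is the one that actually describes the Zbot code.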
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
INDONESIAN DEFAULT 1
PE resources
ExifTool file metadata
CodeSize: 196608
SubsystemVersion: 4.0
LinkerVersion: 9.0
ImageVersion: 8.2
FileVersionNumber: 6.9.0.0
UninitializedDataSize: 1245184
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 4096
MIMEType: application/octet-stream
LegalCopyright: 2000 Unenil Olikixy. Fajiryx Ucufew Oleny.
FileVersion: 6, 9, 9
TimeStamp: 2011:02:03 07:22:07+01:00 (the same instant as the 2011-02-03 06:22:07 UTC compile timestamp above, rendered in UTC+1)
FileType: Win32 EXE
PEType: PE32
InternalName: Podox
FileAccessDate: 2014:04:08 02:39:07+01:00
FileDescription: Gyn Ovo Ypymuco
OSVersion: 8.0
FileCreateDate: 2014:04:08 02:39:07+01:00
FileOS: Windows NT 32-bit
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Du+
LegalTrademarks: Edeky Izemiq Gob Ikacehe Xosu Woh Wydypid
FileSubtype: 0
ProductVersionNumber: 6.9.0.0
EntryPoint: 0x15f640
ObjectFileType: Executable application

File identification
MD5 486575c7bdb34ad47b5a337dc13f26a4
SHA1 cc15e8abf0ef788d541841459766ca28fa82ef75
SHA256 e7ac03d64055c57014dcf17d250aff4e3ce45f012cc88a3e19695377a88ed855
ssdeep 3072:5YOy4Cl0IM07gwafnxZoBROQJXdU4s73NQfjUkuuF33SGSZWVfMNAK/u9c1LAs8U:5JNClpjzQorOQg4s73aIXG33SGtWNoLI
imphash d52af4f5e3a75216d67cee9a52900110
File size 192.0 KB ( 196608 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags peexe, upx
VirusTotal metadata
First submission 2013-02-20 08:16:51 UTC
Last submission 2013-02-24 12:40:50 UTC
File names Podox, 486575c7bdb34ad47b5a337dc13f26a4 (the file's own MD5, i.e. it was also submitted under its hash)
Advanced heuristic and reputation engines
ClamAV: Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
Symantec reputation: Suspicious.Insight
Condensed report: the following summarises the behaviour of the file when executed in a controlled environment. The actions and events listed were performed either by the file itself or by any process it launched or injected code into.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to device drivers through the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications